From the Spring 2017 Issue

Security Through Inclusion

Author(s):

Gary Merry, CEO, Deep Run Security Services, LLC

Larry Letow, CEO, U.S., CyberCX

It’s not the number of people in your security department, but the number of departments into security, that will make you secure. Creating a secure business is not about replacing part of your business with security functions, it’s about integrating security into business operations, as with any other business function. It’s certainly not about believing … Read more

From the Spring 2017 Issue

INDEPENDENCE & OBJECTIVITY: Fundamental Best Practices for Cybersecurity Assessments

Author(s):

Henry J. Sienkiewicz, Faculty, Georgetown University

Cyber professionals generally know one thing – the cyber environment is constantly shifting. New business requirements, end-user needs and technologies change. New devices and applications create or remove vulnerabilities on a daily basis. Attackers respond and adapt as they seek to find exploitable weaknesses within the environment in order to reach an organization’s data. As … Read more

From the Winter 2017 Issue

The Difference between Data Security and Privacy

Author(s):

Mark R. Heckman, Ph.D., CISSP, CISA, Professor of Practice, Shiley-Marcos School of Engineering University of San Diego

The difference between data security and privacy

Data Security and privacy are related, but distinct concepts. That may seem obvious to many people, but relatively few can clearly explain the difference. Privacy, moreover, is impossible without data security. This idea does not work the other way around, and the reason why that is true is often missed. Without a clear understanding of … Read more

From the Winter 2017 Issue

Train Like You Fight: Cyber Workforce Alignment

Author(s):

Chad Carroll, Chief Strategy Officer, Chiron Technology Services, Inc.

Over the past few years, industry surveys have highlighted the demand for technically skilled cybersecurity professionals, exposing a fundamental workforce shortcoming. The way industry identifies, trains and validates cybersecurity skills is outdated and misaligned. If the current training paradigm continues, the workforce will not grow in a manner responsive to the threat environment, and we … Read more

From the Winter 2017 Issue

Security through Planned Destruction— Using the Cloud to Reduce APT Risk 

Author(s):

Chris Rutherford, CISSP, CAP, Senior Strategic Cyber Consultant, LMI

David K. Shepherd, CISSP, PMP, Senior Consultant, LMI

Many network attacks gaining attention today are advanced persistent threats (APT) that aim to maintain access for long-term data exfiltration. The advent of cloud infrastructure provides a new avenue of defense against persistent network attacks. The ability to plan the destruction and re-creation of virtual machines in the cloud environment can dramatically reduce the time … Read more

From the Fall 2016 Issue

LINGERING VULNERABILITIES

Author(s):

Ragu Ragunathan, Principal Cybersecurity Consultant, Web Traits, Inc.

Most organizations depend on a complex set of information systems for their mission-critical functions. The risks to these systems and the information they contain are one of many concerns for management at all levels. For practical, operational reasons, most organizations will often allow for a few vulnerabilities that impact their information systems, with a plan … Read more

From the Fall 2016 Issue

Incentivize Me: The Story of IoT & Malware

Author(s):

Craig Harper, Chief Technology Officer, Sysorex

Wow-factor. It’s one of the best parts of new technology. Childhood dreams and impossible ideas have not only come to exist, but are highly integrated into our daily lives. The Internet of Things (IoT) phenomenon has the wow-factor that so many seek and try to harness in their ideas and products. But those who are … Read more

From the Fall 2016 Issue

SDN FORENSICS – A CHALLENGE

Author(s):

Chris Christou, , Booz | Allen | Hamilton

Emre Ertekin, , Booz | Allen | Hamilton

Greg Starkey, , Booz | Allen | Hamilton

Joseph Bull, , Booz | Allen | Hamilton

Michael Lundberg, , Booz | Allen | Hamilton

Michael McAlister, , Booz | Allen | Hamilton

Tyler Duquette, , Booz | Allen | Hamilton

Winfield Arnott, , Booz | Allen | Hamilton

SOFTWARE DEFINED NETWORKING – A NEW PARADIGM  Software-defined networking (SDN) provides a new approach to networking by separating the functions of data switching and switch control. SDN permits better global network configuration and control by consolidating network topology and control information into a single controller. Information that is typically found distributed across routing and switching … Read more

From the Summer 2016 Issue

Counterterrorism Tradecraft in Advanced Persistent Threat Mitigation

Author(s):

Joe Malik, CEO, Consolidated Research Group

Revisiting the Cyber Kill Chain The Cyber Kill Chain is considered a benchmark for cyberintrusion detection. It is functionally analogous to the Terrorism Kill Chain in all but one respect.1 Intrusions are now a much broader problem class than they were when the Cyber Kill Chain was developed. However, if hackers tend to use trend-focused … Read more

From the Summer 2016 Issue

Identity and Access Management: The Quiet Disruption in Security Engineering

Author(s):

Adam Firestone, Editor-in-Chief , United States Cybersecurity Magazine

We are on the cusp of a revolution in information security engineering. Even a cursory glance at the security technoscape shows a shift away from perimeter-based defenses and their electronic ramparts, bastions, and moats, toward mechanisms that automatically regulate access to data resources and processing functionality in real time. This is consistent with and reflective … Read more